
Q & A


Security start-up deploys advanced AI, aka ‘deep learning,’ to detect malware on endpoints

By Byron V. Acohido

Based in Tel Aviv, Israel, Deep Instinct was one of the more intriguing cybersecurity vendors I had the privilege of spending some time with at RSA Conference 2018.

The company lays claim to being the first to apply “deep learning” to a truly innovative protection system, one that extends machine learning and artificial intelligence down to the level of every computer and mobile device of each employee.

Accompanying podcast: Deep Instinct pioneers AI-infused endpoint security

The company has been doing something right. Launched in 2015, it has grown rapidly to 100 employees. It has attracted $32 million in venture funding and won a satchel full of industry awards, including being named Dark Reading’s “most innovative startup” at Black Hat Las Vegas last summer.

Deep learning is an advanced branch of machine learning and artificial intelligence. It works by sifting through the oceans of data that course through a company’s network in a series of layers, collectively referred to as a neural network. This layered, systematic approach to making cross-correlations is modeled after the human brain.

Once it is switched on, deep learning never stops. The more data fed into its algorithms, the more accurately the system recognizes things it was designed to recognize, in this case fresh malware variants. If that sounds like a gargantuan computing task, it is.

Deep Instinct’s founders not only crafted proprietary algorithms to achieve this, they also innovated a way to distribute the results (malware alerts) down to the level of personal computing devices.


Jonathan Kaftzan, vice president of marketing, walked me through how these breakthroughs are helping companies protect their networks. For a full drill down on our discussion, please listen to the accompanying podcast. Here are excerpts of our discussion edited for clarity and length:

LW: What’s deep learning all about? …more

Q&A: How EventTracker breathes new life into SIEMs — by co-managing company systems

By Byron V. Acohido

Security information and event management systems, aka SIEMs, arrived in the corporate environment some 13 years ago holding much promise.

Related article: WannaCry revives self-spreading viruses

SIEMs hoovered up anything that might be a security issue in real-time from various event and data sources. Companies could pump in all of the data traffic crisscrossing their networks, and out the other end would come intelligence about anything deemed suspicious.

Despite growing into a multi-billion dollar market, SIEMs never really lived up to the early hype. The knock on SIEMs is two-fold. First, they haven’t kept pace with the advancing complexity of business networks, such as the rise of cloud systems, mobile and IoT. And, second, SIEMs, to be truly effective, must be nurtured daily by human security analysts, who happen to be in very short supply.

One of the cybersecurity vendors I met with at RSA Conference 2018, EventTracker, a Netsurion company, aims to remove much of the frustration of operating SIEMs. EventTracker has set out to help mid-sized enterprises overcome SIEMs’ intrinsic shortcomings, and thus breathe new life into this comparatively old technology.

I sat down with EventTracker CEO A.N. Ananth, who walked me through his company’s business model, which revolves around supplying a “co-managed” SIEM service. For a full drill down, please listen to the accompanying podcast. Here are excerpts, edited for clarity and length. …more

Preempt stakes out turf as supplier of ‘Continuous Adaptive Risk and Trust Assessment’ technology

By Byron V. Acohido

Defending modern business networks continues to rise in complexity seemingly minute by minute. Perimeter defenses are woefully inadequate, and traditional tactics, like blacklisting and malware detection, are proving to be increasingly ineffective.

Protecting business networks today requires a framework of defenses. Leading tech research firm Gartner has even contrived a new buzz phrase for the required approach: “Continuous Adaptive Risk and Trust Assessment,” or CARTA.

Related article: The threat of ‘shadow admins’

I had the chance to visit recently with Ajit Sancheti, co-founder and CEO of a startup called Preempt, which has positioned itself in the vanguard of CARTA system suppliers. For a full drill down on our conversation please listen to the accompanying podcast. Here are excerpts edited for clarity and length:

LW: You’ve described Preempt as taking an identity-centric approach to security and threat prevention. Please explain.

Sancheti: Identity is the new perimeter. Think about how we now have a mix of enterprise networks being on cloud, non-cloud in enterprise data centers, and cloud hybrids. The only entity you can control is the user. If you can figure out the risk profile of users at a given time and continue to build on those profiles over time, then based on their identity, their behavior, and the importance of the asset they are trying to access, you can actually take real-time security actions to ensure that the person who’s getting the access is who they say they are.

LW: Can you frame the problem of threat actors using legit Windows tools to wreak havoc? …more

Q&A: How to prepare for Spectre, Meltdown exploits — and next-gen ‘microcode’ attacks

By Byron V. Acohido

If you think the cyber threat landscape today is nasty, just wait until the battle front drops to the processor chip level.

Related article: A primer on microcode vulnerabilities

It’s coming, just around the corner. The disclosure in early January of Spectre and Meltdown, critical vulnerabilities that exist in just about all modern computer processing chips, introduced virgin territory for well-funded, highly motivated criminal hackers. And this is where the front lines will inevitably shift — to a much deeper level of the digital systems we take for granted.

Spectre and Meltdown are the first examples of a new class of flaws so deep and so profound that they really can’t be fixed until the next generation of chips gets here. That suggests that well-financed, highly motivated criminal hacking rings have years, if not a decade or more, ahead of them to take full advantage.

We are in this predicament because the chipmakers, led by Intel, AMD and ARM, aided and abetted by the operating system suppliers, Microsoft, Apple and Linux, made a decision in 1995 to toss security in the back seat as they embarked, hell bent, on a race to build and leverage faster and faster Central Processing Units, or CPUs.

The chipmakers came up with a technique called “speculative execution,” which essentially takes shortcuts at the chip level, slightly delaying verification checks to buy more clock speed. Meltdown and Spectre represent two approaches hackers can now take to manipulate speculative execution at the chip level and thereby gain access to any sensitive data residing a level above, in operating system memory. …more

Q&A: What all companies should know about their exposure to ‘open-source’ vulnerabilities

By Byron V. Acohido

Hackers were able to ransack Equifax last year and steal personal data for some 144 million citizens by exploiting a vulnerability in an open source component, which the credit bureau failed to lock down.

Related article: Beware of open-source vulnerabilities lurking all through your network

The hackers leveraged a vulnerability in something called Apache Struts2, an open-source application framework that supports the credit bureau’s web portal. It is widely used by developers of Fortune 100 companies to build web applications.

It turns out that Apache Struts2 is widely deployed among small and mid-sized businesses, as well. LastWatchdog recently had a conversation with Rami Sass, CEO and co-founder of WhiteSource, a supplier of open source management systems. We …more

Q&A: How crypto jackers drain computing power from business networks

By Byron V. Acohido

Messaging security firm Proofpoint has been tracking botnet activity as closely as any security vendor. One recent development is the deployment of botnets for hire, such as Necurs, toward illicit crypto mining, or crypto-jacking.

Related article: Crypto jacking spreading faster than ransomware

This silent stealing of corporate computing resources may seem somewhat benign compared to ransomware campaigns or Distributed Denial of Service attacks. In actuality, the harm is material, and this attack development is in a nascent stage.

Last Watchdog asked Kevin Epstein, Proofpoint’s vice president of threat operations, to frame the impact for businesses.

LW: What precisely is the harm caused to my business, if several of my servers are corrupted and directed to crypto-mining?


Q&A: What CyberX is doing to help address the hackable state of industrial control systems

By Byron V. Acohido

Finally, the profoundly hackable state of industrial control systems (ICS) is being elevated as an issue of substantive concern and beginning to get the level of global attention it deserves.

Nation-state backed hackers knocking out power grids and discombobulating other critical infrastructure – the cyber Pearl Harbor scenario – has been discussed for years in military and intelligence circles. However, skepticism and apathy have been the watchwords among the actual operators of industrial control systems.

Related article: Risking energy plant hacks signal cyber war activity

Discussions about better protecting these uniquely vulnerable specialized networks, now generally referred to as operational technology (OT) or industrial control systems, have historically taken a back seat to mainstream IT security issues, such as phishing, ransomware and denial of service attacks.

Fortuitously, that’s beginning to change. A series of disclosures this past year peeled back the curtain on the extent to which Russia, Iran and North Korea, in particular, have been proactively probing and infiltrating OT networks. On a parallel track, a handful of innovative startups have developed purpose-built platforms to address industrial and critical infrastructure security. …more